102 matches found
All In One WP Security And Firewall < 4.0.6 - XSS
The All In One WP Security & Firewall WordPress plugin was affected by a XSS security vulnerability...
Wordpress Better-wp-security Plugin Remote Code Execution Vulnerability
Exploit for php platform in category web applications +++++++++++++++++++++ | + Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution | + Exploit Author: Tonel Team | + Vendor Homepage : https://wordpress.org/plugins/better-wp-security/ | + Download Link :...
WordPress Better WP Security Plugin <= 3.4.3 - Multiple XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Better WP Security Plugin <= 3.5.5 - Stored XSS
This plugin is prone to inc/admin/content.php idspecialfile parameter stored cross site scripting vulnerability. Solution Update the plugin...
WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-404.php SQL Injection Vulnerability
WordPress is a set of blogging platform developed in PHP language by WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. All In One WP Security & Firewall...
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ Software Link :...
CVE-2015-0895
Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...
CVE-2015-0894
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...
Sql injection
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-0895
All In One WP Security & Firewall for WordPress (versions before 3.9.0) is affected by a CSRF vulnerability that can allow an attacker, while a logged-in admin exists, to hijack the administrator’s authentication to delete 404 logs via forged requests. Root cause is CSRF in the plugin; impact inc...
CVE-2015-0894
CVE-2015-0894 affects the WordPress plugin All In One WP Security & Firewall and its versions prior to 3.8.8. The vulnerability is described as a SQL injection (CWE-89) that could allow a remote attacker to execute arbitrary SQL commands via unspecified vectors, potentially impacting data confide...
CVE-2015-0895
Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...
All In One WP Security & Firewall <= 3.8.9 - CSRF
According to the original advisory, "If a user views a malicious page while logged in, access logs 404 events maintained by the product may be deleted."...
CVE-2014-6242
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...
Sql injection
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...
CVE-2014-6242
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...
CVE-2014-6242
All In One WP Security & Firewall (WordPress) has SQL injection vulnerabilities fixed in version 3.8.3 and earlier analyzed in CVE-2014-6242. HTB reports two SQLi flaws affecting all versions before 3.8.3, exploitable via the orderby and order parameters to wp-admin/admin.php (aiowpsec page). Exp...
All In One WP Security plugin 3.8.2 - 2xSQL Injections
The All In One WP Security & Firewall WordPress plugin was affected by a 2xSQL Injections security vulnerability...
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without...